yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone
ae23c9
From 4bb6d68815ce5ab1ebd5030b94031e0621806822 Mon Sep 17 00:00:00 2001
ae23c9
From: Markus Armbruster <armbru@redhat.com>
ae23c9
Date: Fri, 31 Aug 2018 13:59:21 +0100
ae23c9
Subject: [PATCH 1/3] target/i386: sev: fix memory leaks
ae23c9
ae23c9
RH-Author: Markus Armbruster <armbru@redhat.com>
ae23c9
Message-id: <20180831135922.6073-2-armbru@redhat.com>
ae23c9
Patchwork-id: 81981
ae23c9
O-Subject: [qemu-kvm RHEL8/virt212 PATCH 1/2] target/i386: sev: fix memory leaks
ae23c9
Bugzilla: 1615717
ae23c9
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
ae23c9
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
ae23c9
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
ae23c9
ae23c9
From: Paolo Bonzini <pbonzini@redhat.com>
ae23c9
ae23c9
Reported by Coverity.
ae23c9
ae23c9
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ae23c9
(cherry picked from commit bf3175b49952628f96d72d1247d8bb3aa5c2466c)
ae23c9
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
ae23c9
---
ae23c9
 target/i386/sev.c | 32 +++++++++++++++++---------------
ae23c9
 1 file changed, 17 insertions(+), 15 deletions(-)
ae23c9
ae23c9
diff --git a/target/i386/sev.c b/target/i386/sev.c
ae23c9
index c011671..2395171 100644
ae23c9
--- a/target/i386/sev.c
ae23c9
+++ b/target/i386/sev.c
ae23c9
@@ -430,7 +430,8 @@ static int
ae23c9
 sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
ae23c9
                  size_t *cert_chain_len)
ae23c9
 {
ae23c9
-    guchar *pdh_data, *cert_chain_data;
ae23c9
+    guchar *pdh_data = NULL;
ae23c9
+    guchar *cert_chain_data = NULL;
ae23c9
     struct sev_user_data_pdh_cert_export export = {};
ae23c9
     int err, r;
ae23c9
 
ae23c9
@@ -471,8 +472,9 @@ e_free:
ae23c9
 SevCapability *
ae23c9
 sev_get_capabilities(void)
ae23c9
 {
ae23c9
-    SevCapability *cap;
ae23c9
-    guchar *pdh_data, *cert_chain_data;
ae23c9
+    SevCapability *cap = NULL;
ae23c9
+    guchar *pdh_data = NULL;
ae23c9
+    guchar *cert_chain_data = NULL;
ae23c9
     size_t pdh_len = 0, cert_chain_len = 0;
ae23c9
     uint32_t ebx;
ae23c9
     int fd;
ae23c9
@@ -486,7 +488,7 @@ sev_get_capabilities(void)
ae23c9
 
ae23c9
     if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
ae23c9
                          &cert_chain_data, &cert_chain_len)) {
ae23c9
-        return NULL;
ae23c9
+        goto out;
ae23c9
     }
ae23c9
 
ae23c9
     cap = g_new0(SevCapability, 1);
ae23c9
@@ -502,9 +504,9 @@ sev_get_capabilities(void)
ae23c9
      */
ae23c9
     cap->reduced_phys_bits = 1;
ae23c9
 
ae23c9
+out:
ae23c9
     g_free(pdh_data);
ae23c9
     g_free(cert_chain_data);
ae23c9
-
ae23c9
     close(fd);
ae23c9
     return cap;
ae23c9
 }
ae23c9
@@ -530,7 +532,7 @@ sev_launch_start(SEVState *s)
ae23c9
 {
ae23c9
     gsize sz;
ae23c9
     int ret = 1;
ae23c9
-    int fw_error;
ae23c9
+    int fw_error, rc;
ae23c9
     QSevGuestInfo *sev = s->sev_info;
ae23c9
     struct kvm_sev_launch_start *start;
ae23c9
     guchar *session = NULL, *dh_cert = NULL;
ae23c9
@@ -543,7 +545,7 @@ sev_launch_start(SEVState *s)
ae23c9
                                             &error_abort);
ae23c9
     if (sev->session_file) {
ae23c9
         if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
ae23c9
-            return 1;
ae23c9
+            goto out;
ae23c9
         }
ae23c9
         start->session_uaddr = (unsigned long)session;
ae23c9
         start->session_len = sz;
ae23c9
@@ -551,18 +553,18 @@ sev_launch_start(SEVState *s)
ae23c9
 
ae23c9
     if (sev->dh_cert_file) {
ae23c9
         if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
ae23c9
-            return 1;
ae23c9
+            goto out;
ae23c9
         }
ae23c9
         start->dh_uaddr = (unsigned long)dh_cert;
ae23c9
         start->dh_len = sz;
ae23c9
     }
ae23c9
 
ae23c9
     trace_kvm_sev_launch_start(start->policy, session, dh_cert);
ae23c9
-    ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
ae23c9
-    if (ret < 0) {
ae23c9
+    rc = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
ae23c9
+    if (rc < 0) {
ae23c9
         error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
ae23c9
                 __func__, ret, fw_error, fw_error_to_str(fw_error));
ae23c9
-        return 1;
ae23c9
+        goto out;
ae23c9
     }
ae23c9
 
ae23c9
     object_property_set_int(OBJECT(sev), start->handle, "handle",
ae23c9
@@ -570,12 +572,13 @@ sev_launch_start(SEVState *s)
ae23c9
     sev_set_guest_state(SEV_STATE_LAUNCH_UPDATE);
ae23c9
     s->handle = start->handle;
ae23c9
     s->policy = start->policy;
ae23c9
+    ret = 0;
ae23c9
 
ae23c9
+out:
ae23c9
     g_free(start);
ae23c9
     g_free(session);
ae23c9
     g_free(dh_cert);
ae23c9
-
ae23c9
-    return 0;
ae23c9
+    return ret;
ae23c9
 }
ae23c9
 
ae23c9
 static int
ae23c9
@@ -712,7 +715,7 @@ sev_guest_init(const char *id)
ae23c9
     uint32_t host_cbitpos;
ae23c9
     struct sev_user_data_status status = {};
ae23c9
 
ae23c9
-    s = g_new0(SEVState, 1);
ae23c9
+    sev_state = s = g_new0(SEVState, 1);
ae23c9
     s->sev_info = lookup_sev_guest_info(id);
ae23c9
     if (!s->sev_info) {
ae23c9
         error_report("%s: '%s' is not a valid '%s' object",
ae23c9
@@ -720,7 +723,6 @@ sev_guest_init(const char *id)
ae23c9
         goto err;
ae23c9
     }
ae23c9
 
ae23c9
-    sev_state = s;
ae23c9
     s->state = SEV_STATE_UNINIT;
ae23c9
 
ae23c9
     host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
ae23c9
-- 
ae23c9
1.8.3.1
ae23c9